Endpoint Protection

  • 1.  sep NTP logs

    Posted Sep 04, 2013 08:46 AM
    Hello Symantec team. Today I just checked the NTP logs and found historical IP & remote IP and some more attack logs there. I would like to tell you that I am using SEP 12.1.3. Can you guys help me and tell me what it is?


  • 2.  RE: sep NTP logs
    Best Answer

    Posted Sep 04, 2013 08:47 AM

    See Rafeeq's comment for full explanation

    https://www-secure.symantec.com/connect/forums/current-ip-historical-ip-remote-ip-address-ntp-attack-logs-sepm-121#comment-8903051

    Per Rafeeq:

    "Current IP Address

    This is the IP address the client has now (or had at the last time it talked to SEPM). 

    Historical IP Address

    This is the IP address the client had when the attack occurred. 

    Remote Host IP

    This is the IP address of the other guy (usually the guy who attacked this system)"



  • 3.  RE: sep NTP logs

    Trusted Advisor
    Posted Sep 04, 2013 08:50 AM

    Hello,

    So, you want to know more about the NTP logs and what they capture, correct?

    Secondly, have you turned on the Risk Tracer?

    You are correct, that is what Rafeeq states in the thread below:

    https://www-secure.symantec.com/connect/forums/current-ip-historical-ip-remote-ip-address-ntp-attack-logs-sepm-121

     



  • 4.  RE: sep NTP logs

    Broadcom Employee
    Posted Sep 04, 2013 08:51 AM

    Historical IP Address: This is the IP address the client had when the attack occurred. 

     



  • 5.  RE: sep NTP logs

    Posted Sep 04, 2013 08:53 AM

    Hello SRT1, agreed with the above comments.

    I would like to tell you that the meaning of Historical IP Address is:

    This is the IP address the client had when the attack occurred. And the meaning of Remote Host IP is:

    This is the IP address of the other guy (usually the one who attacked this system)

     

    Please have a look at Rafeeq's post in the article below.

     

    https://www-secure.symantec.com/connect/forums/current-ip-historical-ip-remote-ip-address-ntp-attack-logs-sepm-121#comment-8903051



  • 6.  RE: sep NTP logs

    Posted Sep 04, 2013 09:42 AM
    Thanks Brian and all.